nixpkgs/templates/nixos-module/default.nix
# NixOS Module Template
# This is a template for creating new NixOS modules in m3ta-nixpkgs
# Copy this template and modify it for your specific module
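{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.m3ta.myModule; # Replace 'myModule' with your module name
in {
  # Define options that users can set in their configuration
  options.m3ta.myModule = {
    enable = mkEnableOption "my custom module"; # Replace with your module description

    # Example: Package option
    package = mkOption {
      type = types.package;
      default = pkgs.hello; # Replace with your default package
      defaultText = literalExpression "pkgs.hello";
      description = "The package to use for this module";
    };

    # Example: Path option
    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/mymodule";
      description = "Directory where data will be stored";
    };

    # Example: Port number
    # NOTE: in this template cfg.port is only consumed by the firewall rule
    # below; it is not passed to the program. Wire it into ExecStart or the
    # generated config so the opened port is the one the service listens on.
    port = mkOption {
      type = types.port;
      default = 8080;
      description = "Port to listen on";
    };

    # Example: String option
    user = mkOption {
      type = types.str;
      default = "mymodule";
      description = "User account under which the service runs";
    };

    # Example: Group option
    group = mkOption {
      type = types.str;
      default = "mymodule";
      description = "Group under which the service runs";
    };

    # Example: Boolean option
    # Defaults to false so enabling the module does not expose the port.
    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to open the firewall for the service port";
    };

    # Example: List of strings
    extraArgs = mkOption {
      type = types.listOf types.str;
      default = [];
      example = ["--verbose" "--debug"];
      description = "Additional command-line arguments to pass";
    };

    # Example: Attribute set (key-value pairs)
    # NOTE: types.attrs does no per-key type checking; for a real module
    # consider a structured type such as `(pkgs.formats.json {}).type`.
    settings = mkOption {
      type = types.attrs;
      default = {};
      example = literalExpression ''
        {
          logLevel = "info";
          timeout = 30;
        }
      '';
      description = "Configuration settings as attribute set";
    };
  };

  # Define what happens when the module is enabled
  config = mkIf cfg.enable {
    # Create a dedicated, unprivileged system user for the service.
    # These definitions are declared unconditionally for whatever name is in
    # cfg.user / cfg.group, so pointing them at an account defined elsewhere
    # merges these attributes into that account.
    users.users.${cfg.user} = {
      isSystemUser = true;
      group = cfg.group;
      home = cfg.dataDir;
      createHome = true;
      description = "My module service user";
    };
    users.groups.${cfg.group} = {};

    # Define a systemd service
    systemd.services.mymodule = {
      description = "My Custom Module Service";
      wantedBy = ["multi-user.target"];
      after = ["network.target"];
      serviceConfig = {
        Type = "simple";
        User = cfg.user;
        Group = cfg.group;
        WorkingDirectory = cfg.dataDir;
        # systemd splits ExecStart on whitespace, so each argument is quoted
        # to keep a value containing spaces or quotes as a single word.
        # systemd still expands % specifiers and $VAR here; a literal % or $
        # in extraArgs has to be written as %% or $$.
        ExecStart = "${cfg.package}/bin/myprogram ${escapeShellArgs cfg.extraArgs}";
        Restart = "on-failure";
        RestartSec = 5;

        # Security hardening
        # ProtectSystem = "strict" leaves the file system read-only for the
        # service; ReadWritePaths re-opens only the data directory.
        PrivateTmp = true;
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
        ReadWritePaths = [cfg.dataDir];
        # Further candidates once the real program's needs are known:
        # PrivateDevices, ProtectKernelTunables, ProtectKernelModules,
        # ProtectControlGroups, RestrictSUIDSGID, LockPersonality,
        # CapabilityBoundingSet. Check the result with
        # `systemd-analyze security mymodule.service`.
      };
    };

    # Open firewall if requested
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [cfg.port];
    };

    # Add package to system packages (optional)
    environment.systemPackages = [cfg.package];

    # Example: Create configuration file
    # Files under /etc generated this way live in the world-readable Nix
    # store; do not put secrets in cfg.settings.
    # environment.etc."mymodule/config.json".text = builtins.toJSON cfg.settings;
  };

  # Module metadata
  meta = {
    maintainers = with lib.maintainers; []; # Add your name if in nixpkgs
    doc = ./default.md; # Optional: Link to documentation
  };
}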